It seems OpenJDK 6 and 7 are ok. Oracle jdk 6 needs JCE, oracle jdk 7 may need another extension (the JCE for jdk6 did not work for me). I would recommend that we @Ignore the failing tests, add some assumption or move them to a special test group which is not executed by default.
On Tue, Nov 12, 2013 at 7:28 AM, Koushik Das <koushik....@citrix.com> wrote: > The following tests are failing in my environment even with the JCE > extensions. > > /* Test7: If no chain is given, the certificate should be self > signed. Else, uploadShould Fail */ > runUploadSslCertNoChain(); > > /* Test8: Chain is given but does not have root certificate */ > runUploadSslCertNoRootCert(); > > /* Test9: The chain given is not the correct chain for the > certificate */ > runUploadSslCertBadChain(); > > /* Test12: Given a certificate signed by a CA and a valid CA > chain, upload should succeed */ > runUploadSslCertWithCAChain(); > > > > > On 12-Nov-2013, at 11:35 AM, Koushik Das <koushik....@citrix.com> wrote: > > > I see the JCE extensions in jdk 1.7 as well. They are present under > <java_home>/jre/lib/security. But still I see a test failure. Is there any > other configuration that is required? > > > > Running org.apache.cloudstack.network.lb.CertServiceTest > > Tests run: 2, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 1.456 > sec <<< FAILURE! > > > > -Koushik > > > > On 12-Nov-2013, at 11:19 AM, Prasanna Santhanam <t...@apache.org> > > wrote: > > > >> My MacOSX 1.6 jdk seems to have the crypto extensions jce builtin and > >> the build+test works. JDK 1.7 install does not have them though. > >> > >> The JCE kit seems to carry a BCL which is not ASF friendly [1]. But > >> this being part of the Java install and not the project it should be > >> okay IMO if we note it in our wiki on building the project. > >> > >> As for legal aspects - I found this which might be of some relevance. > >> http://markmail.org/message/evtkc656gewrkruf > >> > >> [1] http://www.apache.org/legal/3party.html#transition-examples > >> > >> On Mon, Nov 11, 2013 at 10:45:12PM +0100, Laszlo Hornyak wrote: > >>> Hi, > >>> > >>> That is a good question, I do not know for sure, but this package > needs to > >>> be signed by oracle, it is not redistributable and has teritorial > import > >>> restrictions, so it could be problematic :-( I hope it is not. Guys, > can > >>> someone help us here? > >>> > >>> > >>> On Mon, Nov 11, 2013 at 10:21 PM, Syed Ahmed <sah...@cloudops.com> > wrote: > >>> > >>>> Hi Laszlo, > >>>> > >>>> The CertService uses BouncyCastle for certificate parsing and > validation. > >>>> The JCE extension provides the API for using BouncyCastle as the > provider. > >>>> So, JCE is required. I know that BouncyCastle is added in CS. Would > it be > >>>> possible to add JCE as a dependency too? > >>>> > >>>> Thanks, > >>>> -Syed > >>>> > >>>> > >>>> On 13-11-10 09:55 AM, Laszlo Hornyak wrote: > >>>> > >>>>> Hi Sahmed and list, > >>>>> > >>>>> I ran into some failing tests this weekend related to the patch > >>>>> 0076307863e9155273d9e4c14282de429388c9e9 apparently jenkins fails for > >>>>> the same reason. I did a short investigation and it turned out that > in > >>>>> order to run the tests correctly, one has to download the sun jce > policy > >>>>> files and put it in the jdk replacing the original policies. > >>>>> > >>>>> Questions: > >>>>> - Is there a more convenient deployment process? :-) It would be very > >>>>> useful for the jenkins environment as well. > >>>>> - I gave it a try and patched the oracle jdk 1.7 with the same > plugin, it > >>>>> did not work. Do you know a way to make it work again with jdk 1.7? > >>>>> > >>>>> Thank you, > >>>>> Laszlo > >>>>> > >>>>> -- > >>>>> > >>>>> EOF > >>>>> > >>>> > >>>> > >>> > >>> > >>> -- > >>> > >>> EOF > >> > >> -- > >> Prasanna., > >> > >> ------------------------ > >> Powered by BigRock.com > >> > > > > -- EOF
